998 Open source projects that are alternatives of or similar to vulnerabilities

Source code for Hacker101.com - a free online web and mobile security class.

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Audit tool to find common vulnerabilities in PHP source code

Web Application Security Scanner Framework

Top disclosed reports from HackerOne

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

In progress rough solutions to bWAPP / bee-box

A Deliberately Insecure Web Application

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Generates malicious LNK file payloads for data exfiltration

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

A web application for generating custom XSS payloads

A fast DOM based XSS vulnerability scanner with simplicity.

Yet Another PHP Shell - The most complete PHP reverse shell

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Cameradar hacks its way into RTSP videosurveillance cameras

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A container repository for my public web hacks!

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Code from Blackhat Python book

🔐 Docker Container for Penetration Testing & Security

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

A simple tool for interacting with OWASP ZAP from the commandline.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Vagrant VirtualBox environment for conducting an internal network penetration test

备考 OSCP 的各种干货资料/渗透测试干货资料

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

WEB SERVICE SECURITY ASSESSMENT TOOL

The LAZY script will make your life easier, and of course faster.

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

Proactively protect your Node.js web services

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

👨‍🏫 Mike's Web Security Course

No description or website provided.

Hacking tools

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Java web and command line applications demonstrating various security topics

XSS'OR - Hack with JavaScript.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Multi source CVE/exploit parser.

Quick SQL Scanner, Dorker, Webshell injector PHP

Pretty vulnerable flask app..

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )

Automated NoSQL database enumeration and web application exploitation tool.

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

nodejs + express security and performance boilerplate.

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

It's a Docker Environment for pentesting which having all the required tool for VAPT.